Hey all,

I am creating a website where users can order some products and publishers can insert their products through a back-end system.

I want the products to be visible on the website for users to order but when users order, i want this information in a different database that cannot be accessed through the web.

I thought of the following options:

1) Option1 - Webservice with two database
Database A) Front-end (product catalog)
Database B) Back-end (order tables)

Foreign keys would be made from Database B to Database A. E.g. Foreign key in DatabaseB.Booking.product_id to DatabaseA.product.product_id

I would use a webservice that has access to database B to insert the orders. So if a user compromises the webserver they only have access to database A, which is basically the product listing.

2) Option 2 - Replication
Database A) Front-end (product catalog)
Database B) All tables

Now I would have to copy some tables to database A to be used by the website.

How would you implement this securely? Basically making sure that webusers never have access to the order tables...